security: add centralized daemon ID validation#140

Merged
jdx merged 1 commit into main from security/daemon-id-validation on Jan 19, 2026

Conversation

@jdx jdx commented Jan 19, 2026

Summary

  • Adds centralized daemon ID validation to prevent path traversal attacks
  • Consolidates duplicate validation logic from web routes into shared function
  • Validates IDs at the IPC layer before processing requests
  • Includes comprehensive unit tests

Changes

  • src/daemon.rs: New is_valid_daemon_id() and validate_daemon_id() functions with tests
  • src/web/routes/logs.rs: Uses shared validation function
  • src/web/routes/daemons.rs: Uses shared validation function
  • src/supervisor.rs: Validates daemon IDs in Stop, Run, Enable, Disable IPC handlers

Security Impact

Daemon IDs are used to construct log file paths and state file entries. Without validation, a malicious ID like ../etc/passwd could cause path traversal. This change ensures all daemon IDs are validated at API boundaries.

Valid daemon IDs

  • Not empty
  • No path separators (/ or \)
  • No .. (parent directory)
  • No spaces
  • Not . (current directory)
  • Only printable ASCII characters

Test plan

  • Unit tests pass: cargo test daemon::tests
  • Daemon start with valid ID works
  • Daemon start with invalid ID (e.g., foo/bar) returns error
  • Web UI rejects invalid daemon IDs

🤖 Generated with Claude Code


Note

Strengthens input validation and removes duplicate logic by centralizing daemon ID checks.

  • Adds is_valid_daemon_id and validate_daemon_id in src/daemon.rs with comprehensive tests
  • Enforces validation in src/supervisor.rs for Stop, Run, Enable, and Disable IPC handlers (returns IpcResponse::Error on invalid IDs)
  • Refactors src/web/routes/daemons.rs and src/web/routes/logs.rs to use shared validation, removing local validators
  • Minor dependency update in Cargo.lock (adds libc)

Written by Cursor Bugbot for commit 942ecda. This will update automatically on new commits. Configure here.

Adds validation for daemon IDs to prevent path traversal attacks when IDs
are used to construct file paths (logs, state files, etc.).

Changes:
- Add is_valid_daemon_id() and validate_daemon_id() functions to daemon.rs
- Update web routes (logs.rs, daemons.rs) to use shared validation
- Add validation to IPC handlers (Stop, Run, Enable, Disable requests)
- Add comprehensive unit tests for validation

A valid daemon ID:
- Is not empty
- Does not contain path separators (/ or \)
- Does not contain parent directory references (..)
- Does not contain spaces
- Is not "." (current directory)
- Contains only printable ASCII characters

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
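The rules listed in the PR description and in the commit message, encoded one per check, as an added example written for this page; it is not pitchfork's own src/daemon.rs, and the `log_path` helper and the log directory it joins against are assumptions used to show why the check matters at the path-building boundary:

```rust
use std::path::{Path, PathBuf};

/// Returns true when `id` satisfies every rule in the PR description.
/// Assumed reimplementation for illustration, not the project's function.
pub fn is_valid_daemon_id(id: &str) -> bool {
    !id.is_empty()                                   // not empty
        && id != "."                                 // not the current directory
        && !id.contains("..")                        // no parent-directory reference
                                                     // (conservatively rejects "a..b" too)
        && !id.contains(['/', '\\'])                 // no path separators
        && !id.contains(' ')                         // no spaces
        && id.chars().all(|c| c.is_ascii_graphic())  // printable ASCII only
}

/// Result-returning form for API boundaries (IPC handlers, web routes) that
/// want an error message rather than a bool.
pub fn validate_daemon_id(id: &str) -> Result<(), String> {
    if is_valid_daemon_id(id) {
        Ok(())
    } else {
        Err(format!("invalid daemon id: {id:?}"))
    }
}

/// Assumed helper: builds `<log_dir>/<id>.log` only after validation, so the
/// joined path can never escape `log_dir` (no separators means the parent of
/// the result is always `log_dir` itself).
pub fn log_path(log_dir: &Path, id: &str) -> Result<PathBuf, String> {
    validate_daemon_id(id)?;
    let path = log_dir.join(format!("{id}.log"));
    debug_assert_eq!(path.parent(), Some(log_dir));
    Ok(path)
}

fn main() {
    let dir = Path::new("/var/log/pitchfork"); // assumed directory
    for id in ["api-server", "../etc/passwd", "foo/bar", "foo bar"] {
        match log_path(dir, id) {
            Ok(p) => println!("{id:?} -> {}", p.display()),
            Err(e) => println!("{id:?} rejected: {e}"),
        }
    }
}
```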
@jdx jdx merged commit 647175a into main Jan 19, 2026
4 checks passed
@jdx jdx deleted the security/daemon-id-validation branch January 19, 2026 03:43
@jdx jdx mentioned this pull request Jan 19, 2026
jdx added a commit that referenced this pull request Jan 19, 2026
## 🤖 New release

* `pitchfork-cli`: 0.3.0 -> 0.3.1

<details><summary><i><b>Changelog</b></i></summary><p>

<blockquote>

## [0.3.1](v0.3.0...v0.3.1) -
2026-01-19

### Added

- implement daemon dependency resolution
([#135](#135))
- add restart command to CLI
([#134](#134))

### Fixed

- restart command preserves daemon dependency configuration
([#142](#142))
- add missing depends field to restart command
([#136](#136))
- set IPC socket permissions to 0600 for security
([#133](#133))
- handle shell command parsing errors instead of silently failing
([#132](#132))

### Other

- reduce unnecessary daemon cloning in loops
([#144](#144))
- use periodic log flushing instead of per-line
([#139](#139))
- refresh only tracked PIDs instead of all processes
([#141](#141))
- cache compiled regex patterns
([#143](#143))

### Security

- add rate limiting to IPC server
([#137](#137))
- canonicalize config paths to prevent symlink exploitation
([#138](#138))
- add centralized daemon ID validation
([#140](#140))
</blockquote>


</p></details>

---
This PR was generated with
[release-plz](https://github.com/release-plz/release-plz/).

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Prepares the 0.3.1 release and updates metadata/documentation
accordingly.
> 
> - **Changelog**: Adds `0.3.1` entry detailing added dependency
resolution, new `restart` command, fixes, performance tweaks, and
security hardening
> - **Version bumps**: Updates `version` to `0.3.1` in `Cargo.toml`,
`Cargo.lock`, `docs/cli/commands.json`, `docs/cli/index.md`, and
`pitchfork.usage.kdl`
> - **Docs regen**: Refreshes CLI docs/spec to reflect the new version
(no behavioral changes in this diff)
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
9f9d386. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@jdx jdx mentioned this pull request Jan 19, 2026
jdx added a commit that referenced this pull request Jan 19, 2026
## 🤖 New release

* `pitchfork-cli`: 1.0.0

<details><summary><i><b>Changelog</b></i></summary><p>

<blockquote>

## [1.0.0](https://github.com/jdx/pitchfork/releases/tag/v1.0.0) -
2026-01-19

### Added

- implement daemon dependency resolution
([#135](#135))
- add restart command to CLI
([#134](#134))

### Fixed

- restart command preserves daemon dependency configuration
([#142](#142))
- add missing depends field to restart command
([#136](#136))
- set IPC socket permissions to 0600 for security
([#133](#133))
- handle shell command parsing errors instead of silently failing
([#132](#132))

### Other

- bump version to 1.0.0
([#147](#147))
- release v0.3.1 ([#121](#121))
- reduce unnecessary daemon cloning in loops
([#144](#144))
- use periodic log flushing instead of per-line
([#139](#139))
- refresh only tracked PIDs instead of all processes
([#141](#141))
- cache compiled regex patterns
([#143](#143))

### Security

- add rate limiting to IPC server
([#137](#137))
- canonicalize config paths to prevent symlink exploitation
([#138](#138))
- add centralized daemon ID validation
([#140](#140))
</blockquote>


</p></details>

---
This PR was generated with
[release-plz](https://github.com/release-plz/release-plz/).

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Prepares the 1.0.0 release and updates `CHANGELOG.md` with the
finalized notes.
> 
> - Adds `1.0.0` section: daemon dependency resolution, new CLI
`restart` command, fixes for dependency preservation and shell parsing,
secure IPC socket perms, plus performance/maintenance updates
> - Documents security hardening: IPC rate limiting, config path
canonicalization, centralized daemon ID validation
> - Retains prior `0.3.1` notes for historical context
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
4182984. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->